Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


IPsec VPN Overview


A VPN provides a means for securely communicating among remote computers across a public WAN such as the Internet.

Security Director simplifies the management and deployment of IPsec VPNs. In general, VPN configurations are tedious and repetitive when deploying over a large number of SRX Series devices and for full-meshed VPN deployments. With Security Director, you can use VPN profiles to group common settings and apply them to multiple VPN tunnel configurations across multiple SRX Series devices. You can mass deploy site-to-site, hub-and-spoke, and fully meshed VPNs. Security Director determines the necessary deployment scenarios and publishes the required configuration necessary for all SRX Series devices.

You can configure the following parameters for an IPsec VPN:

  • Endpoints for a site-to-site VPN and full-mesh VPN

  • Hubs and spokes for a hub-and-spoke VPN

  • External Interface, tunnel zone, and protected networks or zones for each device

  • Routing settings

  • VPN endpoint configuration

  • Security Director views each logical system as any other security device and takes ownership of the security configuration of the logical system. In Security Director, each logical system is managed as a unique security device.

  • Security Director ensures that the tunnel interfaces are exclusively assigned to the individual logical systems of a device. No tunnel interface is assigned to more than one logical system of the same device.